New versions of Chrome and Firefox have been released today by Google and Mozilla due to the discovery of a rogue Google SSL certificate being abused in the wild.
DigiNotar has admitted yesterday that the issuing of the certificate in question was missed by the auditing firm that went through its systems following the breach it experienced in July, and that many other rogue certificates were issued by the attackers but have been recalled in the meantime.
But, the fact that it declined to share for which particular sites these certificates were issued likely made Google hard code 247 additional SSL certificates for non-Google domains into the blacklist of an upcoming Chrome version, reports The Register.
In the meantime, The Netherland’s government issued a statement saying that the public key infrastructure system used by the government has not been compromised.
DigiNotar has also confirmed that the root server that is used to generate DigID certificates – digital identities used to access the majority of online services offered by Dutch government agencies – has not been accessed by the attackers.
Given that DigiNotar made this claim on account of the results of the poorly effected audit that managed to miss the rogue Google certificate, a lot of people are understandably skeptical, says ThreatPost.
If there is one positive consequence of this whole incident, it is that the security community has begun raising its voice against the (obviously) fallible digital identity certificate system that is currently in place, and has begun searching for alternatives.